ESPGRIDwiki: RequirementsBibliography

Citations for all the articles used:

Note

• See raw text to see how to add an anchor type this Anchor(name_of_anchor)

• See raw text to see how to link to an anchor at the text type this [:name_of_wiki_page#name_of_anchor:text_of_link]
• Sorry this contains lots of blank links because of text involving 2 or more capital letters together!

All Hands Meeting Publications 2004

http://www.nesc.ac.uk/events/ahm2003/AHMCD/ and http://www.allhands.org.uk/2004/proceedings/

• Anchor(Cornwall et al)EU DataGrid and GridPP Authorization and Access Control. L. Cornwall, J. Jensen (CLRC), D. Kelsey (CLRC), A. McNab (Schuster Laboratory, University of Manchester) All Hands Meeting Publications 2004 http://www.nesc.ac.uk/events/ahm2003/AHMCD/pdf/095.pdf

  • Ivo: 'PKI based; Virtual Organisation for resouces, and users, VO membership lists; attribute certificates; Fine grained access control, dynamically allocated user IDs on local systems'

• Anchor(Chadwick)An Authorisation Interface for the GRID. D.W.Chadwick, University of Salford All Hands Meeting Publications 2004 http://www.nesc.ac.uk/events/ahm2003/AHMCD/pdf/162.pdf

  • Ivo: 'separate authentication and authorisation; plug and play authorisation functionality; need to have standartisaton on authorisation'

• Anchor(Sinnott et al)Bridges: Security Focused Integration of Distributed Biomedical Data. Dr Richard Sinnott, Prof David Gilbert, Dr David Berry, Dr Ela Hunt, Prof Malcolm Atkinson National e-Science Centre. All Hands Meeting Publications 2004 http://www.nesc.ac.uk/events/ahm2003/AHMCD/pdf/078.pdf

  • Ivo: 'No requirements, only descrbe what is used d(CAS, Akenti, VOMS, VOM, etc'

• Anchor(Manandhar et al)GRID Authorization Framework for CCLRC Data Portal. Ananta Manandhar, Glen Drinkwater, Richard Tyer, Kerstin Kleese CCLRC Daresbury Laboratory. All Hands Meeting Publications 2004 http://www.nesc.ac.uk/events/ahm2003/AHMCD/pdf/118.pdf

  • Ivo: 'Analysing the structure of the resource providers and the future directions it is heading, it is seen that the important requirement to the Authorization infrastructure are that it has to be: Scalable It is quite inevitable that as organizations start collaborating more there would be an increase in users accessing their resources. The organizations need be able to scale up the number of users or resources without much additional administration overhead for them to be able to enjoy collaboration; Manageable Adding or removing users or resources to the system or modifying user privileges to the resources need to be kept simple and intuitive for the organizations so that the overhead for collaboration does not increase. Also keeping users privileges manageable keeps the system more consistent and up to date, making them reliable; Preferably under the control of the resource end When it comes to the issue of security, organizations are wary of external parties accessing their resources. Organizations would prefer to have control over who have access over their data and up to what degree. They are not yet ready to trust third party organizations in authorizing their resources and prefer to keep control over their resources to keep them reliable; Minimum intervention at the Data Portal layer As the Data Portal is a broker application between users and resource, it is best to pull authentication and authorization information from the resource provider s trusted bodies and have Data Portal forward it to the resource provider along with the request. This keeps Data Portal away from being an addition point of security consideration; Ability to utilize existing Access Control Models Much of the data are stored in file systems, databases or other system which already have an elaborate access control features and many resources present already utilize these existing access control features in managing the level of information that need to be returned. It seems best to integrate the authorization information along with these access control mechanism in providing the level of information to be returned; Ability to integrate with GSI The GSI is the standard means of authenticating users in the e-science community. It provides a trusted mechanism in authenticating users and delegating authentication rights. It would be useful for the authorization system to use GSI as the authentication mechanism; Future integration capabilities with other Grid related applications Users accessing data resources via the Data Portal may like to use other Grid applications such as the HPC portal [10,11] in conjunction. For example a user may retrieve a certain data set via the data portal and may then submit a job on the HPC portal. It would be easy for the user to do such operations if different Grid applications use the similar authentication and authorization strategies.

• Anchor(Kalra et al)'Security and confidentiality approach for the Clinical E-Science Framework (CLEF). D Kalra (Centre for Health Informatics and Multiprofessional Education (CHIME) University College London), P Singleton (Centre for Health Informatics and Multiprofessional Education (CHIME) University College London) (Judge Institute, University of Cambridge), D Ingram (Centre for Health Informatics and Multiprofessional Education (CHIME) University College London), J Milan (Royal Marsden NHS Trust), J MacKay (The Genetics Unit, Institute of Child Health, University College London), D Detmer (Judge Institute, University of Cambridge), A Rector (Department of Computer Science, University of Manchester) d.kalra@chime.ucl.ac.uk. All Hands Meeting Publications 2004 http://www.clinical-escience.org http://www.nesc.ac.uk/events/ahm2003/AHMCD/pdf/160.pdf

  * Ivo

  'Data confidentiality and pseudonimity.'